Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#3414 closed defect (fixed)

Apply referer policy to window.name

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone: TorBrowserBundle 2.2.x-stable
Component: TorBrowserButton Version:
Severity: Keywords: MikePerryIterationFires20110828
Cc: g.koppen@… Actual Points: 0.5
Parent ID: Points: 0.5
Reviewer: Sponsor:

Description

We should apply the user's chosen referer policy to window.name. In other words, if a url has a blank referer, we should clear out window.name for that window. With even the default referer policy, this will have the effect of wiping window.name between user-entered URLs.

This mechanism is also handy because it is currently impossible in XPCOM to distinguish user-entered URLs from javascript redirects of document.location.

Child Tickets

Change History (3)

comment:1 Changed 8 years ago by gk

Cc: g.koppen@… added

comment:2 Changed 8 years ago by mikeperry

Actual Points: 0.5
Keywords: MikePerryIterationFires20110828 added
Points: 0.5
Resolution: fixed
Status: newclosed

Decided to knock this one out because the code was just staring me in the face and it was like a 3 line fix.

I tested with http://www.thomasfrank.se/sessvarsTestPage1.html and it is unable to keep window.name filled with session vars if you just hit enter in the urlbar. It also blocks window.name entirely if you have disabled referers (which I think is what someone who disables referers probably wants).

comment:3 Changed 8 years ago by mikeperry

Milestone: TorBrowserBundle 2.2.x-stable
Note: See TracTickets for help on using tickets.